Tom,
shorewall.conf entries:

LOGRATE=10/second
LOGBURST=10
FASTACCEPT=No

zones file:

fw firewall
lan ipv4 mss=22

rules entries:

SECTION ESTABLISHED
LOG:warn lan fw tcp 21
SECTION RELATED
LOG:warn lan fw tcp 20
SECTION NEW
ACCEPT lan fw tcp 21,22
When compiled with shorewall-perl they generate the rules in attached file
iptables-perl. They look incorrect to me.
When compiled with shorewall-shell they generate the rules in attached file
iptables-shell. They look correct to me.
Steven.
-A lan2fw -m state --state ESTABLISHED -j ACCEPT
-A lan2fw -p 6 --dport 21 -j LOG --log-level 4 --log-prefix "Shorewall:lan2fw:LOG:"
-A lan2fw -p 6 --dport 20 -j LOG --log-level 4 --log-prefix "Shorewall:lan2fw:LOG:"
-A lan2fw -p 6 -m multiport --dports 21,22 -j ACCEPT
-A lan2fw -j Drop
-A lan2fw -j LOG --log-level warn --log-prefix "Shorewall:lan2fw:DROP:"
-A lan2fw -j DROP

-A lan2fw -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 22
-A lan2fw -p tcp -m state --state ESTABLISHED -m tcp --dport 21 -m limit --limit 10/sec --limit-burst 10 -j LOG --log-prefix "Shorewall:lan2fw:LOG:"
-A lan2fw -m state --state ESTABLISHED -j ACCEPT
-A lan2fw -p tcp -m state --state RELATED -m tcp --dport 20 -m limit --limit 10/sec --limit-burst 10 -j LOG --log-prefix "Shorewall:lan2fw:LOG:"
-A lan2fw -m state --state RELATED -j ACCEPT
-A lan2fw -p tcp -m multiport --dports 21,22 -j ACCEPT
-A lan2fw -j Drop
-A lan2fw -m limit --limit 10/sec --limit-burst 10 -j LOG --log-prefix "Shorewall:lan2fw:DROP:"
-A lan2fw -j DROP
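The two rule dumps above differ in ways that matter for logging and for the zone's mss= option, and those differences can be checked mechanically. The script below is an added example written for this thread; it is not part of Shorewall or of the original report. It copies the two generated rule sets verbatim, derives its expectations from the configuration quoted in the report (every LOG rule should be limited to LOGRATE=10/second with LOGBURST=10, the lan zone's mss=22 should yield a TCPMSS rule, and each section LOG rule should match its section's conntrack state and sit before that section's blanket ACCEPT, otherwise it can never fire), and reports every rule that fails. Treating "10/second" and "10/sec" as the same rate is an assumption made by the checker, as is the choice of which options to parse.

```python
"""Consistency checks over iptables rule dumps generated by Shorewall.

Added example for the thread; not Shorewall code.  The expectations come
from the configuration quoted in the report: LOGRATE=10/second, LOGBURST=10,
mss=22 on the lan zone, LOG rules for tcp/21 in SECTION ESTABLISHED and
tcp/20 in SECTION RELATED.
"""
import shlex

# Rule dump attributed to shorewall-perl in the report (copied verbatim).
PERL_RULES = """
-A lan2fw -m state --state ESTABLISHED -j ACCEPT
-A lan2fw -p 6 --dport 21 -j LOG --log-level 4 --log-prefix "Shorewall:lan2fw:LOG:"
-A lan2fw -p 6 --dport 20 -j LOG --log-level 4 --log-prefix "Shorewall:lan2fw:LOG:"
-A lan2fw -p 6 -m multiport --dports 21,22 -j ACCEPT
-A lan2fw -j Drop
-A lan2fw -j LOG --log-level warn --log-prefix "Shorewall:lan2fw:DROP:"
-A lan2fw -j DROP
"""

# Rule dump attributed to shorewall-shell in the report (copied verbatim).
SHELL_RULES = """
-A lan2fw -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 22
-A lan2fw -p tcp -m state --state ESTABLISHED -m tcp --dport 21 -m limit --limit 10/sec --limit-burst 10 -j LOG --log-prefix "Shorewall:lan2fw:LOG:"
-A lan2fw -m state --state ESTABLISHED -j ACCEPT
-A lan2fw -p tcp -m state --state RELATED -m tcp --dport 20 -m limit --limit 10/sec --limit-burst 10 -j LOG --log-prefix "Shorewall:lan2fw:LOG:"
-A lan2fw -m state --state RELATED -j ACCEPT
-A lan2fw -p tcp -m multiport --dports 21,22 -j ACCEPT
-A lan2fw -j Drop
-A lan2fw -m limit --limit 10/sec --limit-burst 10 -j LOG --log-prefix "Shorewall:lan2fw:DROP:"
-A lan2fw -j DROP
"""

# Expectations taken from the report's shorewall.conf, zones and rules files.
LOGRATE = "10/second"
LOGBURST = "10"
MSS = "22"
EXPECTED_LOGS = [("ESTABLISHED", "21"), ("RELATED", "20")]  # (section state, tcp port)


def parse_rule(line):
    """Reduce one '-A chain ...' line to the options the checks need."""
    toks = shlex.split(line)  # handles the quoted --log-prefix value
    rule = {"chain": None, "target": None, "states": set(), "dport": None,
            "limit": None, "burst": None, "mss": None}
    keys = {"-A": "chain", "-j": "target", "--dport": "dport",
            "--limit": "limit", "--limit-burst": "burst", "--set-mss": "mss"}
    i = 0
    while i < len(toks):
        tok = toks[i]
        val = toks[i + 1] if i + 1 < len(toks) else None
        if tok == "--state":
            rule["states"] = set(val.split(","))
            i += 2
        elif tok in keys:
            rule[keys[tok]] = val
            i += 2
        else:
            i += 1  # option we do not model (e.g. --tcp-flags, -p, -m)
    return rule


def norm_rate(rate):
    """Assumption: '10/second' and '10/sec' denote the same iptables rate."""
    count, _, unit = rate.partition("/")
    return count, unit[:3]


def check_rules(text):
    """Return a list of findings; an empty list means the dump meets all expectations."""
    rules = [parse_rule(l) for l in text.strip().splitlines()]
    findings = []
    # 1. Every LOG rule must carry the LOGRATE/LOGBURST limit.
    for idx, r in enumerate(rules, start=1):
        if r["target"] != "LOG":
            continue
        if (r["limit"] is None or norm_rate(r["limit"]) != norm_rate(LOGRATE)
                or r["burst"] != LOGBURST):
            findings.append(f"rule {idx}: LOG rule not limited to {LOGRATE} burst {LOGBURST}")
    # 2. The zone's mss= option must produce a TCPMSS clamp.
    if not any(r["target"] == "TCPMSS" and r["mss"] == MSS for r in rules):
        findings.append(f"no TCPMSS --set-mss {MSS} rule")
    # 3. Each section LOG must match its state and precede the section's blanket ACCEPT.
    for state, port in EXPECTED_LOGS:
        log_idx = next((i for i, r in enumerate(rules)
                        if r["target"] == "LOG" and r["dport"] == port), None)
        acc_idx = next((i for i, r in enumerate(rules)
                        if r["target"] == "ACCEPT" and r["states"] == {state}
                        and r["dport"] is None), None)
        if log_idx is None:
            findings.append(f"no LOG rule for tcp/{port}")
            continue
        if state not in rules[log_idx]["states"]:
            findings.append(f"rule {log_idx + 1}: LOG for tcp/{port} does not match --state {state}")
        if acc_idx is None:
            findings.append(f"no blanket ACCEPT for --state {state}")
        elif log_idx > acc_idx:
            findings.append(f"rule {log_idx + 1}: LOG for tcp/{port} sits after the "
                            f"--state {state} ACCEPT (rule {acc_idx + 1}) and never fires")
    return findings


if __name__ == "__main__":
    for name, dump in (("shorewall-perl", PERL_RULES), ("shorewall-shell", SHELL_RULES)):
        print(f"{name}: {len(check_rules(dump))} finding(s)")
        for f in check_rules(dump):
            print("  -", f)
```

Run as-is, the script reports no findings for the shorewall-shell dump and eight for the shorewall-perl dump: three unlimited LOG rules, the missing TCPMSS rule, the two section LOG rules that carry no --state match, the tcp/21 LOG placed after the ESTABLISHED ACCEPT that already swallowed the traffic, and the absent RELATED ACCEPT. Feeding it a fresh `iptables-save` dump of the lan2fw chain is a quick way to confirm whether a compiler change restores the expected rules.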
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel